Cloud Armor Updates
Google Cloud announced several updates for Cloud Armor, its distributed denial-of-service (DDoS) defense service and web-application firewall (WAF) that helps customers protect their websites and services from denial-of-service and web attacks with the same infrastructure, network and technology that Google uses to protect its own internet-facing properties.
The cloud provider announced the general availability of four new preconfigured WAF rules and a reference architecture to help its customers protect against OWASP Top 10 web-app vulnerability risks. The new WAF rules — scanner detection, PHP injection, session fixation and protocol enforcement — help protect customers’ websites and services from attacks such as HTTP request smuggling and unwanted scanners and crawlers.
Google Cloud unveiled preview releases of Cloud Armor protection for content served from Cloud Content Delivery Network (Cloud CDN) or Google Cloud Storage (GCS) backend buckets. Customers now can enforce geography-based access policies and block unwanted users to comply with licensing or regulatory requirements by deploying Cloud Armor edge security policies in front of their Cloud CDN- or GCS-enabled services to filter requests before they’re served from cache.
Google Cloud also announced per-client rate limiting in Cloud Armor, now in preview, with the introduction of two rule actions: throttle and rate-based-ban. “Now users can help ensure the availability of their applications, prevent abuse and mitigate malicious activity like credential stuffing by configuring Cloud Armor to throttle clients to a specified request rate or block all traffic from abusive clients,” said Emil Kiner, Google Cloud’s Cloud Armor project manager. “Rate-limiting rules will be available to all Cloud Armor customers (both Standard and Managed Protection Plus) in the upcoming weeks.”